Britain's surveillance nerve-center GCHQ is trying a different tack in its effort to introduce backdoors into encrypted apps: reasonableness.
In an essay by the technical director of the spy agency's National Cyber Security Centre, Ian Levy, and technical director for cryptanalysis at GCHQ, Crispin Robinson, the authors go out …

COMMENTS

Quid pro quo, Clarice...

If the government wants back doors for intercepting private communications, which they have in the past, without warrant, authorization, and against the law, they can offer something else, aside from “security” in return- uncompromising transparency. If someone has even a remotely legitimate reason to ask why they spied on so-and-so without warrant or authorization, they must provide a timely, well reasoned, and above all legitimate response or face the same dire consequences as their victims. Further, there must be sanctions for violating this principle, with real teeth- think multi-million dollar fines to the government, just as they would give The Face Book, Google, et al. Ben Franklin, one of the founding fathers of my country, famously said “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” This is as right today as it was then. The Brits may hold different views. Just remember that “....temporary safety...” more often becomes permanent in a nanny state.

Re: Quid pro quo, Clarice...

Most Brits agree with you. It's just the rulers who don't. I am not talking about the elected misgovernment, but the deep perpetual misgovernment that lives in the Civil Service and the Old-Boys networks.

We never had 'essential Liberty' to give up, it was never granted when the Crown passed its open self-interest to the hidden deep-state.

Re: Quid pro quo, Clarice...

Further, there must be sanctions for violating this principle, with real teeth- think multi-million dollar fines to the government, just as they would give The Face Book, Google, et al.

So you want to penalise the tax payers?

Fining the government has zero effect as the money just comes from the exchequer, no, if you want sanctions then disbarment from public office, personal fines to (then ex) ministers, confiscation of property, tar & feathers might be a bit too far but the principle of public humiliation as punishment for crimes against the people they are supposed to serve is correct.

Re: Quid pro quo, Clarice...

> ... the hidden deep-state

OK, I was following you up to that point, but then... What is this, an Alt-Right US rag? Let me guess, Hillary runs this deep-state from a pizza parlour?

Conspiracy theories don't do anyone any good. Adopting the same language as the nuts across the pond will do you no favours, any more than shouting "AM I BEING DETAINED" will get the police to take your civil liberties seriously.

Re: Quid pro quo, Clarice...

"OK, I was following you up to that point, but then... What is this, an Alt-Right US rag?"

It is difficult, because there really is a hidden British state. The security services have kept files on Labour Prime Ministers. Secret policemen really have infiltrated harmless pressure groups in order to make them more extreme. Senior civil servants really do come from an extremely narrow range of backgrounds and, mostly, schools. The public school system really does discourage social mobility. It isn't left or right but fundamentally authoritarianism versus liberalism, with the system, including GCHQ, very definitely on the side of authoritarianism. Brexit makes it easier because then nobody is poking around asking awkward questions.

Hillary Clinton really is part of the authoritarian wing of the US Democratic Party.

The difficulty, given the sheer stupidity and lack of critical thinking of the average person, is how to create a better system.

Re: Quid pro quo, Clarice...

As mentioned in the article, it's a question of trust. GCHQ etc have broken their trust and if they want to rebuild it, more than empty words are required.

In principle I am not against law enforcement having access to the communications of nasty people. BUT they need a warrant that is targeted at a specific person or small group of people, and limited in scope (what they are looking for) and time (limited to a few months and needs to go through full process to reauthorise). Also, to guarantee that the powers are not being abused, the intercept HAS to be done through the 3rd-party service provider (eg Whatsapp) not directly by GCHQ etc, and these providers need to be paid by law enforcement to provide their services, AND most importantly be allowed, nay, required, to publish frequently and in detail how many intercepts they are being asked to make. Plus any other safeguards as may seem necessary including truly independent external oversight and heavy penalties (including jail time) for abusers.

Now, law enforcement might look at that list and say... but that's really restrictive... to which we reply THAT'S THE BLOODY POINT!!!

Re: Quid pro quo, Clarice...

In the US, at least, it would be a good option. If people were aware of their tax dollars being wasted in such a manner, they would vote the fools who support such a scheme (as proposed) out of office. Congress critters are, in their own way more vain than even the worst instagrammer, constantly trying to appease their supporters, and keeping an eye and a half on the polls (unless they’re going to retire, or run for another office). Look at how many times members of both parties flip-flop position on things based on popular sentiment in their district. “Not my tax dollars!” would certainly be the popular sentiment among conservatives, and liberals would invoke the fourth amendment. It almost, more or less, worked before after the Snowden revelations. In that case, though, there was only the carrot; now we need the stick.

Things might be different in Blighty, where the House of Commons, (relative to our WhoRes) is so diluted they may not care. We have one Rep on average for every 1-million people, to put it in perspective- IIRC, Britain has something like 10 MPs for every million people.

Re: Quid pro quo, Clarice...

WhatsApp has already gifted the alphabet agencies a backdoor to their users' chats via a new 'feature' which backs up your chats to Google Drive (unsure about Apple version) totally un-encrypted. You might disable backups but has the other end you are speaking to?

Expect to see more of these crafty backdoor ways to your chats as well as interference with keys at the service provider end to give real time access/mirroring capabilities.

Re: Quid pro quo, Clarice...

To quote from the Guardian Michael Jarve -

“Once you are the subject of unlimited surveillance, you’ve lost your ability to think freely”

Henry Porter - Journalist and Writer

So imagine being both the subject of unlimited surveillance and great game plays with daily death threat driver deliverables, combine this with an increasingly hostile environment, no income, blacklisted so you are unable to work, and increasing psychological torture, coercion and duress.

What would a person do under such circumstances?, and imagine if such circumstances had carried on for a number of years?, 6 or more?, would such a ‘subject’ be the next Ed Sheeran?, or Jump in the Yellow Submarine?

I would suggest nothing more than a practical prisoner of war, or pet at home, when does a process become the next Stanford Prisoner Experiment?, one that perhaps would be better be dealt with by foresight as opposed to hindsight?

Re: Quid pro quo, Clarice...

This is part of the classic 5-eyes bait and switch. Everyone starts complaining about encryption, terrorists, paedos, and other bogeymen du jour. Then they start talking about must-have access to encrypted comms. The IT community responds with outrage at the thought of breaking encryption. Cue various to-ings and fro-ings on each side about absolute need vs privacy and open access to criminals and despots. This goes on for some time. Then one of the 5-eyes agencies, normally the shitbags at GCHQ who (under the Snowden leaks) seem the worst of the bunch, come up with the solution they were likely after all along as a fall-back plan - namely to allow them to be inserted into encrypted conversations as an unseen fly-on-the-wall, thus preserving the encryption but tapping the information flow.

This process needs to be looked at by all as a free-standing proposal rather than "as opposed to breaking encryption", at which point it will be seen to be equally as repulsive given we all know that they will extend it to "insert us into every chat automatically" via some secret court order.

Re: Define "security"

Tell them that any modifications to public security methods must be immediately & unilaterally mirrored to the government & military security methods. You want to be added to my otherwise secure conversation without my knowing? Then I want the same ability & "right" to do the same to that supposedly secure & scrambled phone on your desk. You want to listen in on my friends & I discussing how we hate your fucking traitorous asses, then we want the same capability to listen in on you discussing how you have been/currently are/plan to increase fucking us over. Don't like it? Neither do we.

Re: Define "security"

"Tell them that any modifications to public security methods must be immediately & unilaterally mirrored to the government & military security methods"

The usual question of quis custodiet ipsos custodes. Of course the problem with 'watching the watchers' is then who watches the watchers who are watching the watchers who are watching the watchers who are.... and so on ad infinitum.

So in the end the solution to that problem is that the watchers are watched by whoever they are watching. Full reciprocity might be a dream, but... FOI requests that cannot be refused... full release of all government official data in 5 years, with even the most secret documents that have to be released after 10 years. The only guarantee of good behaviour is scrutiny. The cops etc believe this should only be applied to the plebs but it is far more appropriate for those in power.

Re: Define "security"

It's only when you try to achieve that in reality that it falls short.

It's a bit like trust. Conceptually that is also binary, you can either trust someone or you can't.

In reality it's a bit more vague and it depends on what you are trusting someone for. Trusting a friend to return your car after borrowing it is one thing, trusting them to manage your bank accounts is another.

So here we have GCHQ, a known abuser of trust, asking us to trust it again. In response I would like to quote a well known security maxim back at them..

'Trust, but verify'. Until we have a cast-iron method of verification that their powers are not being abused then there simply cannot be any trust. At least not from those with a modicum of security training.

GCHQ compelling the quiet modification of software is a nasty tool. I appreciate the necessity that they must feel for it, given the information they must deal with day in/day out, but no UK legislation granting such powers would likely contain the nuance to prevent mass surveillance. Any legislation feels like an inevitability, but it could further make certain jobs in Software Development carry new responsibilities that'd need the money to match the pain entailed...

It is the most reasonable attempt yet, but I still see too many unanswered questions about security of the connection - again, if the government can get access with a warrant, what is to stop a hacker with access to the network from also listening in? There is too little information about how this should be implemented, without breaking things or allowing unauthorized parties (rogue admins, hackers) access.

The solution itself is almost reasonable, but the checks-and-balances need to be in place first and auditable, before such a solution can even be thought of.

They need to prove that they are trustworthy and, until now, they have only shown that they can't be trusted as far as you can throw GCHQ.

Unanswered questions..

> It is the most reasonable attempt yet, but I still see too many unanswered questions about security of the connection

I have some unanswered questions too.

o How do I test the GCHQ interface? If I write a shiny new chat app, that is peer-to-peer, how do I test against an interface that doesn't yet exist? And if GCHQ intend to provide 'standard' interfaces, what happens if my app's design doesn't quite align with their standard interface?

o Assuming GCHQ do eventually produce an interface that is dedicated to my app, or aligns with my app's modus operandi, then how do I retro-fit the changes back to existing sold copies without alerting users to a new version that they may choose not to install?

o How will I prevent the users detecting a third data connection out of their device (cos it's peer-to-peer)?

These can't be the only practical objections. Some more clarity on how GCHQ expect these issues to go away would be welcome.

Re: Unanswered questions..

> That is for you to decide. You write the interface. You have to give them access on demand.

Ah, so if I write my app in two parts, one part is sold to the public and the other part is delivered to GCHQ to run so that they can eavesdrop. Wouldn't it be awful if the GCHQ part did coin mining at the same time. :-)

Forcing software modification

Basically they are trying to do what the FBI tried to get Apple to do, but on a grand scale that would allow them to snoop anything they wanted. At least the FBI's "request" was to get into a single phone, though of course we all know the slippery slope that would have led to.

Because there's no way the GCHQ would settle for having to request to be added to a conversation in real time, or even being automatically added to every conversation with a given end point. They might say that's what they want now, but eventually they'd say the process is too cumbersome and they need to be able to add themselves to any number of calls they want to at any time, because "what if there's an active threat in downtown London and we don't know who the suspects are, we need to be able to look at all calls in a wide area to find the one that's of interest to save lives".

No matter what intelligence services propose for eavesdropping encrypted comms, even if it seems "reasonable" at first glance, there's always a slippery slope immediately behind it.

how can they do this [and keep the bad guys from doing the same] ?

OK - demanding BOTH ends of encrypted conversation have a back door that's NOT a back door...

W.T.F. ? (see icon)

And how are you gonna stop THE BAD GUYS from taking advantage of it?

And how are you going to PREVENT the bad guys from giving you the VIRTUAL FINGER and just doing encryption THEIR way and NOT telling you about it [until you try to back door them and it don't work] ???

Trying reasonableness?

Re: Trying reasonableness?

True... many governments have stretched the definition to the breaking point. Some get caught out (extremely rarely), but that is where you have very ineffectual congressional oversight. At least in our case we have one senator, Ron Wyden, who is acting as a sort of canary and trying to alert people to an abuse of power; though at least (not publicly) it’s not as bad on this side of the pond.

...without a clear indicator of the author's intent, it is impossible to create a parody of extreme views so obviously exaggerated that it cannot be mistaken by some readers for a sincere expression of the parodied views.

Re: Trying reasonableness?

No. This is more like the village bobby coming home with you and listening to everything you say and watching everything you do. See 1984 for where this is headed.

The government wants that bobby to sit in your bed and read all the communications you have with anyone, know what you're doing at all times, contacting at all times, watch TV with you, browse the internet with you. Be under no illusion, we live in a rapidly expanding 1984-esque police state.

The main reason the War was fought is that the Colonies wanted to be defended by England, but not have to pay anything towards that defence. They weren't happy with being taxed to pay for their own defence, so rebelled. Amusingly it's now Donald of Trump who is making that argument, but the other way round.

If anyone from GCHQ is reading this - I have no sympathy for your current position. As a result of your past actions, the UK population now finds itself wanting to be kept safe from bad actors, but regarding GCHQ as being amongst the bad actors we want protection from. You've effectively turned yourselves into a state-salaried criminal gang. Were it down to me, I'd fire the bulk of you, cut the salaries of those remaining by ten percent, and make it clear to those remaining that any future blatant disregard of the law and unfettered snooping would result in serious personal fines and jail sentences for everyone involved in those actions. I'm well aware of the need for intelligence agencies to sometimes transgress societal norms - but only in limited circumstances. Damn you for taking the piss, breaching our trust and then having the gall to lie about it. Damn you for being a security service we are ashamed of, rather than proud of.

I have sympathy but you're right the situation they're in is completely self-inflicted. They wanted to see all data all the time and when anybody found out - as was remarkably inevitable - the public were massively alarmed. Nothing has changed in GCHQ (and at the NSA, BND, others FWIW) since the events that led us to where we are now; without competent civilian oversight (there's civilian oversight, but it isn't competent) of what GCHQ are playing at with regards to what they're doing to perfectly innocent citizens minding their own business for a purpose that could easily be defined as "nothing good" long may it continue. I don't even see where competent oversight comes from by the way, they're never going to let people like me who _understand_ what the tools they use do and what the effect might be on national, personal and business security - as long as that remains true people like me are going to do everything we can to ensure they stay shut out of everywhere it matters. I've said it here before but their remit as defined in law is to protect the national security of the country, work in the interests of the economic well-being of the UK and support the prevention and detection of serious crime. Trawling comms of Joe Average minding his own business isn't that - in fact it plainly makes their job far far harder.

I don't even have confidence that they're even restricting themselves to working within the rather open legal framework they're allowed to act.

GCHQ are still needed...to protect us from the reprisals from the people whom we’ve decided to destroy their countries. Retribution, who’d have thunk?

Perhaps when Jezza wins and he stops all these mad wars and agitations we’ll finally get the long overdue peace dividends our citizens are crying out for? Or may be due to that very prospect, GCHQ will be helping to ensure Jezza doesn’t get elected?

Social Engineering

Couched in a more convincing spiel, leaving the poor bugger no option ...

Hello telco, this is GCHQ (honest guv). We urgently need to listen to those terrorists: they may be about to attack imminently. Yes of course they're terrorists: the Nether Blighty Sunday Cricket League is just a front! Yes, NOW, we can't wait while you complete all the red tape: that'll be too late, and your refusal to cooperate will be responsible for many deaths!

Not really what they have in mind

I don't think GCHQ plan to ask anything; they want "ghost" accounts able to slip in unnoticed, without the communication provider's authorisation: "We expect providers to validate that such an authorization is in place, but not try to independently judge the details of the case.". That means blanket pre-auth to bulk spying, no oversight or record-keeping needed, thankyouverymuch.